RSASSA_PKCS1v15_SHA_Signer and PK_SignatureScheme::KeyTooShort exception

Question

I am using Crypto++ for the first time, and I am having some trouble. Why does this work in C# (with the same keys), but not with Crypto++? I will show my C# and C++ code below.

C# code (this works!):

byte[] Modulus = new byte[] { 0xA3, 0x1D, 0x6C, 0xE5, 0xFA, 0x95, 0xFD, 0xE8, 0x90, 0x21, 0xFA, 0xD1, 0x0C, 0x64, 0x19, 0x2B, 0x86, 0x58, 0x9B, 0x17, 0x2B, 0x10, 0x05, 0xB8, 0xD1, 0xF8, 0x4C, 0xEF, 0x53, 0x4C, 0xD5, 0x4E, 0x5C, 0xAE, 0x86, 0xEF, 0x92, 0x7B, 0x90, 0xD1, 0xE0, 0x62, 0xFD, 0x7C, 0x54, 0x55, 0x9E, 0xE0, 0xE7, 0xBE, 0xFA, 0x3F, 0x9E, 0x15, 0x6F, 0x6C, 0x38, 0x4E, 0xAF, 0x07, 0x0C, 0x61, 0xAB, 0x51, 0x5E, 0x23, 0x53, 0x14, 0x18, 0x88, 0xCB, 0x6F, 0xCB, 0xC5, 0xD6, 0x30, 0xF4, 0x06, 0xED, 0x24, 0x23, 0xEF, 0x25, 0x6D, 0x00, 0x91, 0x77, 0x24, 0x9B, 0xE5, 0xA3, 0xC0, 0x27, 0x90, 0xC2, 0x97, 0xF7, 0x74, 0x9D, 0x6F, 0x17, 0x83, 0x7E, 0xB5, 0x37, 0xDE, 0x51, 0xE8, 0xD7, 0x1C, 0xE1, 0x56, 0xD9, 0x56, 0xC8, 0xC3, 0xC3, 0x20, 0x9D, 0x64, 0xC3, 0x2F, 0x8C, 0x91, 0x92, 0x30, 0x6F, 0xDB };
byte[] Exponent = new byte[] { 0x00, 0x01, 0x00, 0x01 };
byte[] P = new byte[] { 0xCC, 0xE7, 0x5D, 0xFE, 0x72, 0xB6, 0xFD, 0xE7, 0x1D, 0xE3, 0x1A, 0x0E, 0xAC, 0x33, 0x7A, 0xB9, 0x21, 0xE8, 0x8A, 0x84, 0x9B, 0xDA, 0x9F, 0x1E, 0x58, 0x34, 0x68, 0x7A, 0xB1, 0x1D, 0x7E, 0x1C, 0x18, 0x52, 0x65, 0x7B, 0x97, 0x8E, 0xA7, 0x6A, 0x9D, 0xEE, 0x5A, 0x77, 0x52, 0x3B, 0x71, 0x8F, 0x33, 0xD0, 0x49, 0x5E, 0xC3, 0x30, 0x39, 0x72, 0x36, 0xBF, 0x1D, 0xD9, 0xF2, 0x24, 0xE8, 0x71 };
byte[] Q = new byte[] { 0xCB, 0xCA, 0x58, 0x74, 0xD4, 0x03, 0x62, 0x93, 0x06, 0x50, 0x1F, 0x42, 0xF6, 0xAA, 0x59, 0x36, 0xA7, 0xA1, 0xF3, 0x97, 0x5C, 0x9A, 0xC8, 0x6A, 0x27, 0xCF, 0x85, 0x05, 0x2A, 0x66, 0x41, 0x6A, 0x7F, 0x2F, 0x84, 0xC8, 0x18, 0x13, 0xC6, 0x1D, 0x8D, 0xC7, 0x32, 0x2F, 0x72, 0x19, 0x3F, 0xA4, 0xED, 0x71, 0xE7, 0x61, 0xC0, 0xCF, 0x61, 0xAE, 0x8B, 0xA0, 0x68, 0xA7, 0x7D, 0x83, 0x23, 0x0B };
byte[] DP = new byte[] { 0x4C, 0xCA, 0x74, 0xE6, 0x74, 0x35, 0x72, 0x48, 0x58, 0x62, 0x11, 0x14, 0xE8, 0xA2, 0x4E, 0x5E, 0xED, 0x7F, 0x49, 0xD2, 0x52, 0xDA, 0x87, 0x01, 0x87, 0x4A, 0xF4, 0xD0, 0xEE, 0x69, 0xC0, 0x26, 0x65, 0x53, 0x13, 0xE7, 0x52, 0xB0, 0x4A, 0xBB, 0xE1, 0x3E, 0x3F, 0xB7, 0x32, 0x21, 0x46, 0xF8, 0xC5, 0x11, 0x4D, 0x3D, 0xEF, 0x66, 0xB6, 0x50, 0xC0, 0x85, 0xB5, 0x79, 0x45, 0x8F, 0x61, 0x71 };
byte[] InverseQ = new byte[] { 0x28, 0x6A, 0xBB, 0xD1, 0x93, 0x95, 0x94, 0x1A, 0x6E, 0xED, 0xD7, 0x0E, 0xC0, 0x61, 0x2B, 0xC2, 0xEF, 0xE1, 0x86, 0x3D, 0x34, 0x12, 0x88, 0x6F, 0x94, 0xA4, 0x48, 0x6E, 0xC9, 0x87, 0x1E, 0x46, 0x00, 0x46, 0x00, 0x52, 0x8E, 0x9F, 0x47, 0xC0, 0x8C, 0xAB, 0xBC, 0x49, 0xAC, 0x5B, 0x13, 0xF2, 0xEC, 0x27, 0x8D, 0x1B, 0x6E, 0x51, 0x06, 0xA6, 0xF1, 0x62, 0x1A, 0xEB, 0x78, 0x2E, 0x88, 0x48 };
byte[] D = new byte[] { 0x9B, 0xF9, 0xDE, 0xC2, 0x45, 0x93, 0x4C, 0x4C, 0xAC, 0x48, 0x2B, 0xA8, 0x4D, 0xFC, 0xD7, 0xED, 0xB2, 0xFB, 0x72, 0xE9, 0xEA, 0xC1, 0x88, 0x39, 0x07, 0x2A, 0x6F, 0x34, 0x07, 0x81, 0x97, 0x7E, 0xCD, 0xFA, 0x21, 0x02, 0xF5, 0xDD, 0x30, 0xDD, 0x22, 0x4A, 0xB3, 0x41, 0xE5, 0x89, 0x80, 0x73, 0xC4, 0xAF, 0x90, 0x9E, 0x2B, 0x50, 0x8A, 0x0A, 0xD4, 0x6E, 0xBD, 0x0F, 0x15, 0x79, 0x37, 0x95, 0xE8, 0x3D, 0xCF, 0x4C, 0x6D, 0xFF, 0x51, 0x65, 0xE7, 0x90, 0xC1, 0xAC, 0x2D, 0xC6, 0xEB, 0x47, 0x19, 0x2D, 0xD0, 0x58, 0x74, 0x79, 0xAC, 0x08, 0x1C, 0xA3, 0x1D, 0xD0, 0xCE, 0x39, 0x2E, 0xC3, 0xFA, 0x66, 0xEF, 0xC7, 0x8E, 0x10, 0x2F, 0xE4, 0xA1, 0xE7, 0x4E, 0xA8, 0x42, 0xF0, 0xF4, 0xFD, 0x10, 0xA6, 0x67, 0x64, 0xCB, 0x3A, 0x6D, 0x4D, 0x51, 0xEC, 0x1F, 0x9D, 0x56, 0x26, 0xC2, 0xFC };
byte[] DQ = new byte[] { 0xAF, 0xDC, 0x46, 0xE7, 0x52, 0x8A, 0x35, 0x47, 0xA1, 0x1C, 0x05, 0x4E, 0x39, 0x24, 0x99, 0xE6, 0x43, 0x54, 0xCB, 0xAB, 0xE3, 0xDB, 0x22, 0x76, 0x11, 0x32, 0xD0, 0x9C, 0xBB, 0x91, 0x10, 0x84, 0x81, 0x8B, 0x15, 0x2F, 0xC3, 0x2F, 0x55, 0x38, 0xED, 0xBF, 0x67, 0x3C, 0x70, 0x5E, 0xFF, 0x80, 0x28, 0xF3, 0xB1, 0x73, 0xB6, 0xFA, 0x7F, 0x56, 0x2B, 0xE1, 0xDA, 0x4E, 0x27, 0x4E, 0xC2, 0x2F }; 


RSAParameters rsaParams = new RSAParameters();
rsaParams.Modulus = Modulus;
rsaParams.Exponent = Exponent;
rsaParams.P = P;
rsaParams.Q = Q;
rsaParams.DP = DP;
rsaParams.InverseQ = InverseQ;
rsaParams.D = D;
rsaParams.DQ = DQ;

RSACryptoServiceProvider crypt = new RSACryptoServiceProvider();
crypt.ImportParameters(rsaParams);

RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter();
formatter.SetHashAlgorithm("SHA1");
formatter.SetKey(crypt);

byte[] dataFile = new byte[] { 0x6F, 0x9F, 0x07, 0x04, 0xE2, 0x1A, 0xF7, 0xB8, 0xB2, 0x4F, 0x8D, 0x66, 0x49, 0xA1, 0x09, 0xA7, 0xB2, 0x22, 0x3C, 0xF9};

byte[] signature = formatter.CreateSignature(dataFile);

Now, my C++ code, which doesn't work:

const char ModulusCON[0x80] = { 0xA3, 0x1D, 0x6C, 0xE5, 0xFA, 0x95, 0xFD, 0xE8, 0x90, 0x21, 0xFA, 0xD1, 0x0C, 0x64, 0x19, 0x2B, 0x86, 0x58, 0x9B, 0x17, 0x2B, 0x10, 0x05, 0xB8, 0xD1, 0xF8, 0x4C, 0xEF, 0x53, 0x4C, 0xD5, 0x4E, 0x5C, 0xAE, 0x86, 0xEF, 0x92, 0x7B, 0x90, 0xD1, 0xE0, 0x62, 0xFD, 0x7C, 0x54, 0x55, 0x9E, 0xE0, 0xE7, 0xBE, 0xFA, 0x3F, 0x9E, 0x15, 0x6F, 0x6C, 0x38, 0x4E, 0xAF, 0x07, 0x0C, 0x61, 0xAB, 0x51, 0x5E, 0x23, 0x53, 0x14, 0x18, 0x88, 0xCB, 0x6F, 0xCB, 0xC5, 0xD6, 0x30, 0xF4, 0x06, 0xED, 0x24, 0x23, 0xEF, 0x25, 0x6D, 0x00, 0x91, 0x77, 0x24, 0x9B, 0xE5, 0xA3, 0xC0, 0x27, 0x90, 0xC2, 0x97, 0xF7, 0x74, 0x9D, 0x6F, 0x17, 0x83, 0x7E, 0xB5, 0x37, 0xDE, 0x51, 0xE8, 0xD7, 0x1C, 0xE1, 0x56, 0xD9, 0x56, 0xC8, 0xC3, 0xC3, 0x20, 0x9D, 0x64, 0xC3, 0x2F, 0x8C, 0x91, 0x92, 0x30, 0x6F, 0xDB }; 
const char ExponentCON[0x4] = { 0x00, 0x01, 0x00, 0x01 }; 
const char PCON[0x40] = { 0xCC, 0xE7, 0x5D, 0xFE, 0x72, 0xB6, 0xFD, 0xE7, 0x1D, 0xE3, 0x1A, 0x0E, 0xAC, 0x33, 0x7A, 0xB9, 0x21, 0xE8, 0x8A, 0x84, 0x9B, 0xDA, 0x9F, 0x1E, 0x58, 0x34, 0x68, 0x7A, 0xB1, 0x1D, 0x7E, 0x1C, 0x18, 0x52, 0x65, 0x7B, 0x97, 0x8E, 0xA7, 0x6A, 0x9D, 0xEE, 0x5A, 0x77, 0x52, 0x3B, 0x71, 0x8F, 0x33, 0xD0, 0x49, 0x5E, 0xC3, 0x30, 0x39, 0x72, 0x36, 0xBF, 0x1D, 0xD9, 0xF2, 0x24, 0xE8, 0x71 }; 
const char QCON[0x40] = { 0xCB, 0xCA, 0x58, 0x74, 0xD4, 0x03, 0x62, 0x93, 0x06, 0x50, 0x1F, 0x42, 0xF6, 0xAA, 0x59, 0x36, 0xA7, 0xA1, 0xF3, 0x97, 0x5C, 0x9A, 0xC8, 0x6A, 0x27, 0xCF, 0x85, 0x05, 0x2A, 0x66, 0x41, 0x6A, 0x7F, 0x2F, 0x84, 0xC8, 0x18, 0x13, 0xC6, 0x1D, 0x8D, 0xC7, 0x32, 0x2F, 0x72, 0x19, 0x3F, 0xA4, 0xED, 0x71, 0xE7, 0x61, 0xC0, 0xCF, 0x61, 0xAE, 0x8B, 0xA0, 0x68, 0xA7, 0x7D, 0x83, 0x23, 0x0B }; 
const char DPCON[0x40] = { 0x4C, 0xCA, 0x74, 0xE6, 0x74, 0x35, 0x72, 0x48, 0x58, 0x62, 0x11, 0x14, 0xE8, 0xA2, 0x4E, 0x5E, 0xED, 0x7F, 0x49, 0xD2, 0x52, 0xDA, 0x87, 0x01, 0x87, 0x4A, 0xF4, 0xD0, 0xEE, 0x69, 0xC0, 0x26, 0x65, 0x53, 0x13, 0xE7, 0x52, 0xB0, 0x4A, 0xBB, 0xE1, 0x3E, 0x3F, 0xB7, 0x32, 0x21, 0x46, 0xF8, 0xC5, 0x11, 0x4D, 0x3D, 0xEF, 0x66, 0xB6, 0x50, 0xC0, 0x85, 0xB5, 0x79, 0x45, 0x8F, 0x61, 0x71 }; 
const char InverseQCON[0x40] = { 0x28, 0x6A, 0xBB, 0xD1, 0x93, 0x95, 0x94, 0x1A, 0x6E, 0xED, 0xD7, 0x0E, 0xC0, 0x61, 0x2B, 0xC2, 0xEF, 0xE1, 0x86, 0x3D, 0x34, 0x12, 0x88, 0x6F, 0x94, 0xA4, 0x48, 0x6E, 0xC9, 0x87, 0x1E, 0x46, 0x00, 0x46, 0x00, 0x52, 0x8E, 0x9F, 0x47, 0xC0, 0x8C, 0xAB, 0xBC, 0x49, 0xAC, 0x5B, 0x13, 0xF2, 0xEC, 0x27, 0x8D, 0x1B, 0x6E, 0x51, 0x06, 0xA6, 0xF1, 0x62, 0x1A, 0xEB, 0x78, 0x2E, 0x88, 0x48 }; 
const char DCON[0x80] = { 0x9B, 0xF9, 0xDE, 0xC2, 0x45, 0x93, 0x4C, 0x4C, 0xAC, 0x48, 0x2B, 0xA8, 0x4D, 0xFC, 0xD7, 0xED, 0xB2, 0xFB, 0x72, 0xE9, 0xEA, 0xC1, 0x88, 0x39, 0x07, 0x2A, 0x6F, 0x34, 0x07, 0x81, 0x97, 0x7E, 0xCD, 0xFA, 0x21, 0x02, 0xF5, 0xDD, 0x30, 0xDD, 0x22, 0x4A, 0xB3, 0x41, 0xE5, 0x89, 0x80, 0x73, 0xC4, 0xAF, 0x90, 0x9E, 0x2B, 0x50, 0x8A, 0x0A, 0xD4, 0x6E, 0xBD, 0x0F, 0x15, 0x79, 0x37, 0x95, 0xE8, 0x3D, 0xCF, 0x4C, 0x6D, 0xFF, 0x51, 0x65, 0xE7, 0x90, 0xC1, 0xAC, 0x2D, 0xC6, 0xEB, 0x47, 0x19, 0x2D, 0xD0, 0x58, 0x74, 0x79, 0xAC, 0x08, 0x1C, 0xA3, 0x1D, 0xD0, 0xCE, 0x39, 0x2E, 0xC3, 0xFA, 0x66, 0xEF, 0xC7, 0x8E, 0x10, 0x2F, 0xE4, 0xA1, 0xE7, 0x4E, 0xA8, 0x42, 0xF0, 0xF4, 0xFD, 0x10, 0xA6, 0x67, 0x64, 0xCB, 0x3A, 0x6D, 0x4D, 0x51, 0xEC, 0x1F, 0x9D, 0x56, 0x26, 0xC2, 0xFC }; 
const char DQCON[0x40] = { 0xAF, 0xDC, 0x46, 0xE7, 0x52, 0x8A, 0x35, 0x47, 0xA1, 0x1C, 0x05, 0x4E, 0x39, 0x24, 0x99, 0xE6, 0x43, 0x54, 0xCB, 0xAB, 0xE3, 0xDB, 0x22, 0x76, 0x11, 0x32, 0xD0, 0x9C, 0xBB, 0x91, 0x10, 0x84, 0x81, 0x8B, 0x15, 0x2F, 0xC3, 0x2F, 0x55, 0x38, 0xED, 0xBF, 0x67, 0x3C, 0x70, 0x5E, 0xFF, 0x80, 0x28, 0xF3, 0xB1, 0x73, 0xB6, 0xFA, 0x7F, 0x56, 0x2B, 0xE1, 0xDA, 0x4E, 0x27, 0x4E, 0xC2, 0x2F }; 

// set the params
CryptoPP::AutoSeededRandomPool rng;
InvertibleRSAFunction params;

Integer integ(ModulusCON);
params.SetModulus(integ);

Integer integ1(ExponentCON);
params.SetPublicExponent(integ1);

Integer integ2(PCON);
params.SetPrime1(integ2);

Integer integ3(QCON);
params.SetPrime2(integ3);

Integer integ4(DPCON);
params.SetModPrime1PrivateExponent(integ4);

Integer integ5(InverseQCON);
params.SetMultiplicativeInverseOfPrime2ModPrime1(integ5);

Integer integ6(DCON);
params.SetPrivateExponent(integ6);

Integer integ7(DQCON);
params.SetModPrime2PrivateExponent(integ7);

// create the keys
RSA::PrivateKey privateKey(params);
RSA::PublicKey publicKey(params);

CryptoPP::RSASSA_PKCS1v15_SHA_Signer signer(privateKey);

unsigned char data[20] = { 0x6F, 0x9F, 0x07, 0x04, 0xE2, 0x1A, 0xF7, 0xB8, 0xB2, 0x4F, 0x8D, 0x66, 0x49, 0xA1, 0x09, 0xA7, 0xB2, 0x22, 0x3C, 0xF9 };
BYTE *signature = new BYTE[0x80];
signer.SignMessage(rng, data, 20, signature);

Based on what I know, Crypto++'s 'RSASSA_PKCS1v15_SHA_Signer' is what I want equivalent to C#'s 'RSAPKCS1SignatureFormatter' and setting the hash algorithm to SHA1.

The error it throws is:

Unhandled exception at at 0x7646B9BC in proj.exe: Microsoft C++ exception: > CryptoPP::PK_SignatureScheme::KeyTooShort at memory location 0x0040EF18.

Thanks for any help, Hetelek.

Answer 1

I can't answer as to why this works in C#, but as for Crypto++, there are a couple of issues.

Firstly, you're probably invoking the wrong constructor of Integer. I guess you want this one which converts from big-endian byte array:

Integer (const byte *encodedInteger, size_t byteCount, Signedness s=UNSIGNED)

but are using this one which convert from a string in base 2, 8, 10, or 16 (in your case base 10).

So, using ExponentCON as an example, you should do:

const int ExponentSize(0x4);
const byte ExponentCON[ExponentSize] = { 0x00, 0x01, 0x00, 0x01 };
Integer integ1(ExponentCON, ExponentSize);

or possibly better still:

std::string ExponentCON("101h");  // <-- Note trailing 'h' indicating hex encoding
Integer integ1(ExponentCON.c_str());

Next, the members of InvertibleRSAFunction must satisfy certain conditions in order to qualify as a valid key. These can be seen by stepping through the InvertibleRSAFunction::Validate function and I assume check for the conditions described here.

params.Validate(rng, 3);  // Returns false for your input data

There are some helper functions which are designed to avoid having to set everything explicitly as you're doing. I don't know if these are suitable for you, but I'm referring to InvertibleRSAFunction::GenerateRandomWithKeySize and the overloaded InvertibleRSAFunction::Initialize.

The Crypto++ Wiki describes the use of these functions with example code.

Answer 2

TLDR: your private exponent, d, is wrong in your sample program. You have other, more obvious problems, too. But d is causing the mathematical problems.

And it begs the question, how did that work in C#? The math does not change across computer languages and runtimes.

---

The first problem is the declarations using chars:

...
const char ExponentCON[0x4] = { 0x00, 0x01, 0x00, 0x01 }; 
...

This causes you to use the constructors for ASCII strings, which is the wrong Integer constructor. It results in at least two issues:

// Added for testing
if (integ != integ2 * integ3)
{
    cerr << "error: n != p*q" << endl;
}

// Added for testing
params.ThrowIfInvalid(prng, 3);

When running the program, ThrowIfInvalid validates the parameters and its the source of CryptoMaterial: ...:

error: n != p*q
CryptoMaterial: this object contains invalid values

---

The const char need to be changed to const byte. Then:

Integer integ(ModulusCON, sizeof(ModulusCON));
params.SetModulus(integ);

Integer integ1(ExponentCON, sizeof(ExponentCON));
params.SetPublicExponent(integ1);

Integer integ2(PCON, sizeof(PCON));
params.SetPrime1(integ2);

Integer integ3(QCON, sizeof(QCON));
params.SetPrime2(integ3);
...

With that change in place, this error message from above disappears: error: n != p*q. But the CryptoMaterial: this object contains invalid values remains.

---

The second problem appears to be some of your private key parameters are not correct. You can see what tests InvertibleRSAFunction::Validate is performing by looking at the source code in rsa.cpp near line 250.

You can partially side step it by using Initialize that takes {n,e,d}, and let Initialize factor and solve:

Integer n(ModulusCON, sizeof(ModulusCON));
Integer e(ExponentCON, sizeof(ExponentCON));
Integer d(DCON, sizeof(DCON));

params.Initialize(n,e,d);
params.ThrowIfInvalid(prng, 3);

However, that results in:

InvertibleRSAFunction: input is not a valid RSA private key

---

Next, check p and q. #include <nbtheory.h>, and then:

Integer p(PCON, sizeof(PCON));
Integer q(QCON, sizeof(QCON));

cout << "P is prime: " << (VerifyPrime(prng, p, 10) ? "yes" : "no") << endl;
cout << "Q is prime: " << (VerifyPrime(prng, q, 10) ? "yes" : "no") << endl;

It results in:

$ ./test.exe
P is prime: yes
Q is prime: yes

At this point, it appears the problem is with one of the exponents.

---

Next, assume e is relatively prime to phi, #include <modarith.h>, and then:

Integer n(ModulusCON, sizeof(ModulusCON));
Integer p(PCON, sizeof(PCON));
Integer q(QCON, sizeof(QCON));

Integer e(ExponentCON, sizeof(ExponentCON));    
Integer phi = (p-1)*(q-1);

ModularArithmetic ma(phi);
Integer d = ma.MultiplicativeInverse(e);

params.Initialize(n,e,d);
params.ThrowIfInvalid(prng, 3);

cout << "Validated parameters" << endl;

It results in:

$ ./test.exe
Validated parameters

So, the problem is with your d exponent. It is easy enough to print with cout << std::hex << d << endl:

$ ./test.exe
Validated parameters

174bcc91cc08400b470a9357e7fd23db2384e4219af4dedc56a0afdc3e796abd965f16c680954549
b4526f01a2c9d7b727620f3ba6c848f19bd9210650ae62593249d7a4e0522ad48aea559d4f6a1f3f
6ae9953bed7c947e273d455a4982523dd90640b0a25572ae8c5e064e39807ddf778af96afd492999
acc40919a4d4f601h

As you can see, the first octet of the calculated d is 0x17, but the first octet of the d you provided is 0x9B.

---

Also, you might want to do something like the following:

unsigned char data[20] = { 0x6F, 0x9F, 0x07, 0x04, 0xE2, 0x1A, 0xF7, 0xB8, 0xB2, 0x4F,
                           0x8D, 0x66, 0x49, 0xA1, 0x09, 0xA7, 0xB2, 0x22, 0x3C, 0xF9 };

const size_t req = signer.MaxSignatureLength(sizeof(data));
byte signature[req];
const size_t used = signer.SignMessage(prng, data, 20, signature);
// Trim 'signature' to 'used'